jplagens
asked on
ASA 5505 8.4 Port Redirection
I'm having some issues with port redirection on an ASA 5505 running post-8.4 software. I have an internal webserver listening on TCP port 8040. To make it easier on users, I want them to use port 80 externally and I will redirect the inbound requests to port 8040. I also use port 8041, but it remains the same internally and externally.
In my 8.2 config this worked great. This WAS my config:
access-list INBOUND_ACL extended permit tcp any interface outside eq www
access-list INBOUND_ACL extended permit tcp any interface outside eq 8041
static (inside,outside) tcp interface www 172.16.11.102 8040 netmask 255.255.255.255
static (inside,outside) tcp interface 8041 172.16.11.102 8041 netmask 255.255.255.255
In my 9.2 config, I am having some issues. This is what my config looks like now and it is not working.
object service WWW
 service tcp source eq www
object service PORT_8040
 service tcp source eq 8040
object service PORT_8041
 service tcp source eq 8041
object network WEBSERVER
 host 172.16.11.102
access-list INBOUND_ACL extended permit tcp any host 172.16.11.102 eq www
access-list INBOUND_ACL extended permit tcp any host 172.16.11.102 eq 8041
nat (inside,outside) source static WEBSERVER interface service WWW PORT_8040
nat (inside,outside) source static WEBSERVER interface service PORT_8041 PORT_8041
Cisco PIX / ASA Port Forwarding
object network Internal_Web_Server-WWW
 host 172.16.11.102
 nat (inside,outside) static interface service tcp www www
object network Internal_Web_Server-8041
 host 172.16.11.102
 nat (inside,outside) static interface service tcp 8041 8041
access-list INBOUND_ACL permit tcp any object Internal_Web_Server-WWW eq www
access-list INBOUND_ACL permit tcp any object Internal_Web_Server-8041 eq 8041
Should do you
Pete
ASKER
That didn't seem to work. That config appears to be translating port 80 on the outside and inside. I need to source port 80 from the outside and redirect to destination port 8040 on the inside.
I also tried this and it didn't work:
object network Internal_Web_Server-WWW
 host 172.16.11.102
 nat (inside,outside) static interface service tcp www 8040
ASKER
Problem resolved by poster.
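An added example, not taken from any post in this thread and not the hidden accepted solution: a small Python trace of how ASA 8.3+ handles an inbound connection to outside port 80 under the two object-NAT attempts above and under a corrected rule. It assumes the documented 8.3+ behaviour that object NAT is written `service tcp real_port mapped_port` and that interface ACLs are checked against the real (untranslated) address and port. The names `parse`, `inbound`, `RETRY` and `FIXED` are hypothetical, and the ACL line paired with the asker's retry is constructed.

```python
PORTS = {"www": 80}  # ASA port keyword -> number; other ports here are numeric

def port(tok):
    return PORTS.get(tok) or int(tok)

def parse(cfg):
    """Return (nat_rules, acl_entries) parsed from object-NAT and ACL lines."""
    nats, acls, hosts, cur = [], [], {}, None
    for line in cfg.splitlines():
        t = line.split()
        if t[:2] == ["object", "network"]:
            cur = t[2]
        elif t[:1] == ["host"] and cur:
            hosts[cur] = t[1]
        elif t[:1] == ["nat"] and "service" in t and cur:
            i = t.index("service")  # service tcp <real_port> <mapped_port>
            nats.append((hosts[cur], port(t[i + 2]), port(t[i + 3])))
        elif t[:1] == ["access-list"] and "permit" in t:
            if "object" in t:
                ip = hosts[t[t.index("object") + 1]]
            else:
                ip = t[t.index("host") + 1]
            acls.append((ip, port(t[-1])))  # destination port after "eq"
    return nats, acls

def inbound(cfg, dport, listen):
    """Trace a TCP SYN to the outside interface on dport; server listens on `listen`."""
    nats, acls = parse(cfg)
    hit = next((n for n in nats if n[2] == dport), None)  # match on mapped port
    if hit is None:
        return "no NAT match"
    real_ip, real_port, _ = hit  # untranslated first, then the ACL is checked
    if (real_ip, real_port) not in acls:
        return "denied by ACL"
    return "delivered" if real_port == listen else "forwarded to closed port %d" % real_port

# Constructed sample configs built from the object name and host used in the thread.
TEMPLATE = """object network Internal_Web_Server-WWW
 host 172.16.11.102
 nat (inside,outside) static interface service tcp {real} {mapped}
access-list INBOUND_ACL permit tcp any object Internal_Web_Server-WWW eq {acl}
"""
PETE = TEMPLATE.format(real="www", mapped="www", acl="www")     # Pete's suggestion
RETRY = TEMPLATE.format(real="www", mapped="8040", acl="www")   # asker's retry
FIXED = TEMPLATE.format(real="8040", mapped="www", acl="8040")  # assumed correction

if __name__ == "__main__":
    for name, cfg in (("PETE", PETE), ("RETRY", RETRY), ("FIXED", FIXED)):
        print(name, "->", inbound(cfg, 80, 8040))
```

The corrected rule puts the real port first (`service tcp 8040 www`) and permits the real port 8040 in the ACL; leaving the ACL at `eq www` would drop the connection after untranslation.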